Re: Test open ports
From: James Willmore (jwillmore_at_remove.adelphia.net)
Date: 02/26/04
- Previous message: fifo: "Re: file::find + absolute path"
- In reply to: James Willmore: "Re: Test open ports"
- Next in thread: Cyde Weys: "Re: Test open ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 26 Feb 2004 09:23:18 -0500
On Thu, 26 Feb 2004 08:59:32 -0500, James Willmore wrote:
> On Tue, 24 Feb 2004 16:51:53 +0000, Walter Roberson wrote:
>
>> In article <c1fva8$m9s$1@canopus.cc.umanitoba.ca>,
>> Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca> wrote:
>> |In article <c1fsde$6eb$1@planja.arnes.si>,
>> |Mike Mimic <ppagee@yahoo.com> wrote:
>>
>> |:Is there a way for this without opening
>> |:a whole TCP connection (socekt connect, close)?
>>
>> |by Fydor's "nmap" program.
>>
>> I neglected to mention that most of the alternatives to forming a
>> complete connection require "root" access on unix systems, in order
>> to have the permission to send out the specially crafted packets that
>> are needed.
>
> And why don't you have 'root' access? And why do you want to do such a
> thing when `netstat` works on both *NIX and Windows (XP and 2000 it does;
> don't know about 98, ME, or the various versions of NT)?
I replied wrongly, again - sorry :-(
My question for the OP is this - what are you trying to acomplish? If you
want to keep tabs on the users to see if they're running some they
shouldn't be running, then `nmap` would be the simple solution.
If you want to monitor traffic to/from the user's box, then ethereal may
fit the bill.
It seems to me that there are tools available out there to perform such
tasks.
I love using Perl, but I don't like to re-invent the wheel if I don't have
to :-)
HOWEVER, if you are trying to audit by stealth using Perl, then you may
want to look over IO::Socket. I don't think it will do *exactly* what you
want to do, but it may give you a solid starting place. It's not an easy
task to scan for open ports *without* connecting to them - at least
programmatically (meaning, write code to do it). You have to play around
with the TCP header information in such a way that the client will let you
know a port is open, but have it *not* register on the client as having a
connection.
If you're interested in a good book on the subject, try Skoudis's "Counter
Hack", which gives an in depth discussion on various techniques on doing
what you propose.
HTH
-- Jim Copyright notice: all code written by the author in this post is released under the GPL. http://www.gnu.org/licenses/gpl.txt for more information. a fortune quote ... A citizen of America will cross the ocean to fight for democracy, but won't cross the street to vote in a national election. -- Bill Vaughan
- Previous message: fifo: "Re: file::find + absolute path"
- In reply to: James Willmore: "Re: Test open ports"
- Next in thread: Cyde Weys: "Re: Test open ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
